hacking oracle±Ê¼Ç

###author:hiphop###
###qq:70381908###
ΪʲôҪ¹Ø×¢ Oracle ?
ÒòΪOracle ±»´óÁ¿ÆóÒµËùʹÓÃ,ÓÐÐí¶àÄ¿±ê¿ÉÒÔÑ¡ÔñÀ´Éø͸
Ðí¶àÆóÒµ¶¼Ã»ÓиüÐÂÇÒÓÐDZÔڵķ½ÏÕ!
ÌáȨ·Ç³£¼òµ¥,ÈÝÒ×Äõ½shell!!
¶ÁÁËblackhat paper ÈÃÎÒ¿ªÊ¼À´Ñо¿Oracle
ÒòΪËûÖ»½²µ½Ò»Ð¡²¿·Ý ÕæÕý°²È«ÎÊÌ⻹ÓкܹãµÄ
Ö»ÊǹúÄÚºÃÏñºÜÉÙÍÚ¾ò
ÒòΪÓöµ½µÄ»·¾³²»¶à
µ«ÊÇ°¢ Oracle ÊÇ free download ºÇºÇ
¸¶·Ñ²Å¿ÉÒÔupgrade
Ò»°ãÁ¬½Ó Oracle ÐèÒªÒÔϼ¸¸öÌõ¼þ£º
IP
PORT
SID
username/password
The Oracle listener default port is 1521
generally in the 1521-1540 range
ɨÃè´Ì̽²»»á¸úÄã˵ÓÃʲô°æ±¾µ«Ð°æµÄnmap ¿ÉÒÔÈ¡µÃµ½Ò»Ð©,ʹÓÃTNS packet¿ÉÒÔ½â¾öÕâ¸öÎÊÌâ
TNS packet ¿ÉÒÔÁ˽â oracle °æ±¾
SID ´Ì̽·½Ê½:
1.TNS listener directly
2.brute force for default sid
3.query other component ¿ÉÄÜ°üº¬ÓÐSID
u/p Æƽâ
ÌáȨ·½·¨:
Ìá權 1 java function
Win32Exec
Ìá權2 smbrelay
Run OS commands via sql injection in web applications
Run OS commands via create table
Run OS commands via dbms scheduler
Run OS commands via PL/SQL and Extproc
Run OS commands via Java
Run OS commands via Oracle Text
Run OS commands via PL/SQL Native (9i)
Run OS commands via PL/SQL Native (10g / 11g)
Run OS commands via alter system set events
»¹»á½ÐøÔö¼Ó£¡£¡
´ËÎÄÖ»ÊÇÎÒµÄresearch µÄС±Ê¼Ç
ÁíÍâ½éÉÜÒ»¿î¹¤¾ß ¿ÉÒÔ×öµ½²¿·Ýà¡ pyдµÄ
download£º http://inguma.sourceforge.net/
demo£ºhttp://inguma.sourceforge.net/text/inguma_text.html
×¢:
Oracle default port list
Oracle HTTP Server listen port / Oracle HTTP Server port
80
Oracle Application Server
Edit httpd.conf and restart OHS
Oracle Internet Directory(non-SSL)
389
Oracle Application Server
 
Oracle HTTP Server SSL port
443
Oracle Application Server
Edit httpd.conf and restart OHS
Oracle Internet Directory(SSL)
636
Oracle Application Server
 
Oracle Net Listener / Enterprise Manager Repository port
1521
Oracle Application Server / Oracle Database
Edit listener.ora and restart listener
Oracle Net Listener
1526
Oracle Database
Edit listener.ora and restart listen